16 January 2017
16 January 2017,
 Off

London – January 16th, 2017

By OrientDB CEO, Luca Garulli

After ransomware groups recently wiped off about 34,000 MongoDB database and exposed about 35,000 Elastic Search databases on the Internet*(read the full article), we advise that OrientDB users double check their OrientDB server.

OrientDB’s average level of security is much stronger than both MongoDB and ElasticSearch. However, nothing can keep you totally safe, specially if you are exposing an OrientDB server directly to the Internet and/or you haven’t changed the default password in your database.

Follow this 5 minute action plan to keep your OrientDB database safe:

1. If you aren’t using the default users (admin, reader and writer), then delete them.

2. If you’re using them, be sure you changed the password for all 3 default users: admin, reader and writer.

3. When you installed OrientDB for the first time, the script asked for the root password. Make sure you didn’t set something obvious such as “root“, “orientdb“, “password“, or any other simple/obvious password.

Now a little advice to keep OrientDB even more secure:

1. If you can, don’t expose the OrientDB server to the Internet.security-box

2. Remember that starting from v2.2 you can configure stronger SALT cycles for hashed passwords. Take a look at the following page for more details: http://orientdb.com/docs/2.2/Database-Security.html#password-management.

3. If you’re working with very sensitive data, please consider using Encryption at REST with AES algorithm. For more details, take a look at the following page: http://orientdb.com/docs/2.2/Database-Encryption.html.

4. Don’t use a password at all. Since v2.2.14, OrientDB Enterprise Edition supports authentication via symmetric keys for the Java client. See http://orientdb.com/docs/2.2/Security-Symmetric-Key-Authentication.html.

5. Lastly, don’t forget OrientDB’s other advanced security features, such as Kerberos authentication, LDAP users, password validation, and auditing.

More Resources:

  1. Database Security
  2. Server Security

For any question, don’t hesitate to ask to the Community Group.

Thanks and keep your data safe!

Luca Garulli
Founder & CEO
OrientDB LTD

*http://www.pcworld.com/article/3157417/security/after-mongodb-ransomware-groups-hit-exposed-elasticsearch-clusters.html

Comments are closed.